As the Internet and World Wide Web become increasingly ubiquitous, people are increasingly transacting business electronically and remotely. Although the convenience of the availability of web-based applications (e.g., online banking, online shopping, online, voting, etc.) is evident, there are also perils associated with increasing reliance on such applications. For example, there is large degree of anonymity in connection with using the Internet. Although a user might identify himself, without hearing his voice, or seeing him in person, one can never be certain that the person on the other end of the electronic communication is precisely who he says he is.
One way to overcome this problem has been to require people to employ unique usernames and passwords that only the authorized user is supposed to know. However, this is not a failsafe methodology in that it can be quite simple to learn (or “hack”) someone's supposedly secret credentials.
World Wide Web applications (“web-based applications”) often control access by requiring users to enter information (e.g., user name and password) at a login screen. But, as noted above, access to the web-based application could easily be attained by a non-authorized user who has simply gained access to one's username and password.
There is therefore a need to improve security in the web-based applications fields, as well as others.